從密鑰庫檢索X509證書時出錯
[英]error while retrieving the X509 certificate from keystore
問題描述
我正在嘗試使用別名和密碼檢索已存儲在KeyStore中的X509Certificate。 但我經常在檢索用於簽署證書的私鑰時獲得空指針異常。 它有時會起作用,有時卻不起作用。 一點幫助將得到滿足。 謝謝!
在下面的代碼中,我嘗試刪除條件以檢查它是否是PrivateKey實例。 它不起作用。
public X509Certificate generateCertificate(String userId, char[] password, KeyPair newKeyPair, String algorithm) throws Exception
{
KeyPair groupManagerKeyPair = LoadKeyPair(gmPath, "EC");
PrivateKey gmPrivateKey = groupManagerKeyPair.getPrivate();
String dn = "CN="+userId;
//char[] password = user.getPassword().toCharArray();
String alias = userId;
X509CertInfo info = new X509CertInfo();
Date from = new Date();
Date to = new Date(from.getTime() + 365 * 86400000l);
CertificateValidity interval = new CertificateValidity(from, to);
BigInteger sn = new BigInteger(64, new SecureRandom());
X500Name owner = new X500Name(dn);
info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
info.set(X509CertInfo.SUBJECT, owner);
info.set(X509CertInfo.ISSUER, owner);
info.set(X509CertInfo.KEY, new CertificateX509Key((PublicKey) newKeyPair.getPublic()));
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V1));
AlgorithmId algo = new AlgorithmId(AlgorithmId.sha256WithECDSA_oid);
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
// Sign the cert to identify the algorithm that's used.
X509CertImpl cert = new X509CertImpl(info);
cert.sign(gmPrivateKey, algorithm);
X509Certificate[] certificateChain = new X509Certificate[1];
certificateChain[0] = cert;
System.out.println("cert::"+cert);
//save certificate into keyStore
saveCertificateInKeyStore(alias, password, gmPrivateKey, certificateChain);
// Update the algorithm, and resign.
/*algo = (AlgorithmId)cert.get(X509CertImpl.SIG_ALG);
info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algo);
cert = new X509CertImpl(info);
cert.sign(privkey, algorithm);*/
return cert;
}
public void storeKeyAndCertificateChain(String alias, char[] password, Key key, X509Certificate[] chain) throws Exception{
String keystore = "D:\\testkeys.jks";
KeyStore keyStore=KeyStore.getInstance("jks");
keyStore.load(null,null);
keyStore.setKeyEntry(alias, key, password, chain);
keyStore.store(new FileOutputStream(keystore),password);
}
public X509Certificate loadAndDisplayChain(String alias,char[] password) throws Exception{
//Reload the keystore
String keystore = "D:\\testkeys.jks";
KeyStore keyStore=KeyStore.getInstance("jks");
keyStore.load(new FileInputStream(keystore),password);
Key key=keyStore.getKey(alias, password);
X509Certificate x509Certificate = null;
if(key instanceof PrivateKey){
System.out.println("Get private key : ");
System.out.println(key.toString());
Certificate[] certs=keyStore.getCertificateChain(alias);
System.out.println("Certificate chain length : "+certs.length);
for(Certificate cert:certs){
System.out.println(cert.toString());
if(certs.length == 1)
x509Certificate = (X509Certificate) cert;
}
}else{
System.out.println("Key is not private key");
}
return x509Certificate;
}
I expect that it should load the certificate using the parameters.. alias and password.
1 個解決方案
解決方案1
0 2019-04-04 19:28:34
為了清楚起見 - 在正常情況下,您應該使用X509Certificate實例使用KeyManager從KeyManagerFactory使用KeyStore來初始化SSLContext,依此類推......
但是讓我們說你需要檢查一下。 您需要做的就是確保您的KeyStore已初始化:
private String keystoreType = "JKS_or_PKCS12";
private String keystoreName = "path_to_keystore";
private String keystorePassword = "your_password";
@Bean
public KeyStore keyStore() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
KeyStore keyStore = KeyStore.getInstance(keystoreType);
try (InputStream keyStoreStream = new FileInputStream(keystoreName)) {
keyStore.load(keyStoreStream, keystorePassword.toCharArray());
}
return keyStore;
}
並獲得您的X509Certificate實例:
public X509Certificate[] x509Certificates(KeyStore keyStore) throws KeyStoreException {
Enumeration<String> aliases = keyStore.aliases();
List<X509Certificate> trustedIssuers = new ArrayList<>();
while (aliases.hasMoreElements()) {
trustedIssuers.add((X509Certificate) keyStore.getCertificate(aliases.nextElement()));
}
return trustedIssuers.toArray(new X509Certificate[0]);
}
獲取您的私鑰:
public PrivateKey getPrivateKey(KeyStore keyStore, String keystorePassword, String alias)
throws UnrecoverableEntryException, NoSuchAlgorithmException, KeyStoreException {
KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias,
new KeyStore.PasswordProtection(keystorePassword.toCharArray()));
return privateKeyEntry.getPrivateKey();
}
Android - 將pkcs12證書字符串轉換為bks密鑰庫的x509證書對象
[英]Android - converting pkcs12 certificate string to x509 certificate object for bks keystore
X509證書異常,同時使用StormCrawler爬網一些URL
[英]X509 Certificate Exception while crawling some urls with StormCrawler
如何從 X509 證書中提取 AuthorityKeyIdentifier
[英]How to extract AuthorityKeyIdentifier from X509 Certificate
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.